Vulnerability
MacDNS
Affected
Mac
Description
There is a problem about MacDNS crashing on a 6100/66. The
problem is that the firewall is sending DNS requests at a
sufficiently high rate to crash MacDNS. Among other things, the
firewall is attempting to resolve the inverse domain name of
every URL requested by users. This could amount to bursts of
several DNS requests per second over several seconds.
This may have possibly resulted in some buffer in either the
MacOS or MacDNS being overrun (Warning: this might be used for a
D.O.S. attack on sites using MacDNS) and a subsequent O/S crash.
This problem may or may not apply to other Mac based DNS products.
Credit goes to Dan Brown.
Solution
The solution is to reconfigure the bastion host to use its own
name resolver. However, this may expose some internal DNS
information to the outside world; we are considering using
packet filtering to address this problem.